
Suspected North Korean Involvement in South Korea Hacks

Written by Reflare Research Team | Dec 7, 2016 12:44:00 PM

The recent cyber attacks in South Korea have some of the ‘North Korea fingerprints’ on them. A look at the chronology of North Korean cyber retaliation over the past years shows a history of targeting South Korean critical infrastructure, not just the government.

First Published 7th December 2016

Who needs real warheads when you've got a MicroLink 28.8TQV?


North Korea has been identified and/or implicated in a large number of cyber attacks targeting the South over the past years. This week’s attack and breach, however, take on a new dimension, as Yonhap reports that South Korea’s Cyber Command itself was affected.

The South Korean Cyber Command was first established in early 2010 to coordinate the defence of South Korean governmental and corporate networks against precisely the kind of attack that has now hit it.

We will take this opportunity to look at the economics of cyber warfare in more detail.

Compared to traditional defence spending, cyber attacks are cheap. Even sophisticated zero-day exploits for commonly used devices or operating systems cost only up to millions of dollars on the black market, yet can give an attacker with reasonable skills access to virtually any computer system. While millions of dollars is an insurmountable expense for most criminal organizations and individuals, it is a small sum in terms of a country’s defence spending.

Likewise, the hardware required to conduct cyber attacks is much cheaper and more readily available than that required for physical warfare. Assuming that enough talented individuals can be found (which is a trivial matter in a dictatorship) and considering that information about hacking techniques is freely available on the internet, an entire offensive cyber warfare division can be built up, trained and equipped with several strong zero-day vulnerabilities for the price of a single ICBM or fighter jet.

As we have pointed out in previous issues, the anonymous nature of cyber attacks also allows governments to inflict significant damage on an opponent without being identified. Furthermore, while traditional military actions mostly project hard power, cyber attacks can be used to project both hard power (e.g. attacks on electricity, water or intelligence infrastructure) and soft power (e.g. leaking compromising emails about an enemy head of state).

These elements taken together explain why relatively small countries with weak economies such as North Korea have embraced cyber warfare. It allows them to project soft and hard power in a very cost-effective manner while minimizing the chance that they will face consequences.

As all governments race to develop strong cyber attack and defence capabilities, we predict that the frequency and severity of government-sponsored cyber attacks will continue to increase.